exe.io/0YRaqrH
104.26.2.103301 Moved Permanently 0 B IP 104.26.2.103:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0YRaqrH HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Dec 2022 07:52:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 25 Dec 2022 08:52:07 GMT
Location: https://exe.io/0YRaqrH
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4asDNfNaau8OKyNPSQJBYPgR13307%2FWIo3WHX%2FTC32QTu8Fjd%2B8o%2BQVzl2rE11Bdf5next4B4sRVtZM1jv4ZpjNGJkH7NO8c9QMdyJwSsGpgUwBuQ4TJlA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77effed3cc1eb4f4-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e300ca7d2d586dd1ca0c185ef6b0da5
3914cfd3b7aa6e1d1117bf509319479e489ed2a4
91c8810ad137faf4393f7d15f9c619c06d124a7aaebfa21290dca614db2c7757
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91C8810AD137FAF4393F7D15F9C619C06D124A7AAEBFA21290DCA614DB2C7757"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16178
Expires: Sun, 25 Dec 2022 12:21:45 GMT
Date: Sun, 25 Dec 2022 07:52:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10869
Expires: Sun, 25 Dec 2022 10:53:16 GMT
Date: Sun, 25 Dec 2022 07:52:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7f0ad5c2841a345f98197c2f1e86f4d
84cbfd91934a8715baba4a2da46451f35597c99c
be30540f2e06a3565c9b38bdbb9691f707d692b196bdcef5d671708aa9609795
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE30540F2E06A3565C9B38BDBB9691F707D692B196BDCEF5D671708AA9609795"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5481
Expires: Sun, 25 Dec 2022 09:23:28 GMT
Date: Sun, 25 Dec 2022 07:52:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 25 Dec 2022 07:46:21 GMT
content-type: application/json
age: 346
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qAs72xcPlB3VhN5dDtcww4S4C+Tc8ZfqjXBscfcBQmwK6FQWEOFyxuqUluotKOnE2FiaHruCvHM=
x-amz-request-id: 53E049RYW9NEFCST
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 25 Dec 2022 06:54:48 GMT
age: 3439
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9cafc84f72c9137a2de0235d78ed329c
377b796e3d0ba28d63b49878565516066bb2ce7b
d28f6d0da023e6caca679dd5ba1eee2c474d448674b2d7dc801992a5dacb314e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3956
Cache-Control: max-age=137681
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:07 GMT
Etag: "63a76884-116"
Expires: Mon, 26 Dec 2022 22:06:48 GMT
Last-Modified: Sat, 24 Dec 2022 21:00:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 07:52:07 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9cafc84f72c9137a2de0235d78ed329c
377b796e3d0ba28d63b49878565516066bb2ce7b
d28f6d0da023e6caca679dd5ba1eee2c474d448674b2d7dc801992a5dacb314e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3956
Cache-Control: max-age=137681
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:07 GMT
Etag: "63a76884-116"
Expires: Mon, 26 Dec 2022 22:06:48 GMT
Last-Modified: Sat, 24 Dec 2022 21:00:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc0b1c9ef710b63c6ea637e040e2f087
a6c4ac4b5175a70fc41a3538ae56dd1080067bdc
957194303dac5075a80b096f8c468a90539d9a370f37467e6e43ea4bbeb15cba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "957194303DAC5075A80B096F8C468A90539D9A370F37467E6E43EA4BBEB15CBA"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=653
Expires: Sun, 25 Dec 2022 08:03:00 GMT
Date: Sun, 25 Dec 2022 07:52:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 25 Dec 2022 07:08:04 GMT
age: 2643
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
exeo.app/0YRaqrH
104.26.8.233200 OK 151 kB IP 104.26.8.233:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (60299)
Size 151 kB (151332 bytes)
Hash cc9031d5626a06d3f6f3c2468df67b1f
5fa50c85e6ae1257d6f053bbbaf9571bd29e27c8
ed1154544d39a73f57b4c5009f2d92e0ccb157c266bfe43ec6187d754dce0337
Analyzer Verdict Alert fortinet Malware
GET /0YRaqrH HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.2029702912.1671950902; _gid=GA1.2.1608658714.1671950902; __gads=ID=a5161ffaf28e6044:T=1671950904:S=ALNI_MYdVM0gJmKQ6Co20xgNcRiT0KshkA; __gpi=UID=00000b98151c0015:T=1671950904:RT=1671950904:S=ALNI_MaY7bcCD3CJPxqvWgAp2ol3BoAyKA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:07 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=1b2faff0811f115274737d3b6b8feb62; path=/; HttpOnly
csrfToken=836479c1231bedd7ddc70fccbca9bc16c883202ac24846fc10f53791b419ee4ff9837bc530f5289bdba1e95a3d58c1e84c308eb47ca164a1dd1c0de67ecb93c6; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8NGCDHAIzmqVGd0SybdNC2xnOZ%2B6JNx19zs8YUuc14veTsfxDZOmZLfUEUCYQZVUXtU6U2d1eZTYAwaAQAmvU8W%2B%2FC7DznJh8Dkvd7fwcpJVwN7Hm%2BpMHy%2BR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effed76e9b1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
exe.io/img/logo_sm.png
104.26.3.103200 OK 7.3 kB IP 104.26.3.103:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c6ea820184e2fed66d46bea0961727b
3f4c8a3b29ec92470986f0073faf93f6d5cb8c35
7b5909e1e74fbd27e91e37fb276c6a440ee23d05cf4a03fb6af5455e0812686c
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:07 GMT
content-type: image/png
content-length: 7266
cache-control: max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10989, status=vary_header_present
expires: Tue, 12 Dec 2023 17:30:47 GMT
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
vary: User-Agent, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1088480
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f1Q7siHO9ILdfL6JySv0C5iU2CDE0rlcQ0StSQX3OCVwK4G1IMFXSUq2vzQ0vp9BMDFbNXjn783CivLRbeRAQutxYrH%2FvsBYo5jHn8ys8%2FZA%2BKBPen16hg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effed8ed3afab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5100021a7f8224edae91cf7c15ece4b2
2b0877c1cde0483463babb806f610158761489c7
701becec3ebad5661cfc231ad96cd17d95c4453206036fd3d05a246db72debef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c3fe4743f9a53cff9cc725d5da6fef2f
21f8c945671d492d20d3ae73535b44b80393bab4
27baee9b01e7877fd04130c0485cac8e3b14c17f8bfb5882d51cb470ea007db8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5100021a7f8224edae91cf7c15ece4b2
2b0877c1cde0483463babb806f610158761489c7
701becec3ebad5661cfc231ad96cd17d95c4453206036fd3d05a246db72debef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash bafd2cc0185e69e5067efa3677cb60de
ada566fa835017734341818628659b05f19a62db
70de686c5f0a8638320298579c84ef33647c1240e94de7c8d51120f99e84d5ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1264
Cache-Control: max-age=123477
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Etag: "63a73b8d-117"
Expires: Mon, 26 Dec 2022 18:10:05 GMT
Last-Modified: Sat, 24 Dec 2022 17:49:01 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d7938ab2263405a708c44813f3e16cb8
3ba9f4363ecc2834ea1211f761ce2d04e0077ab3
8a8ef4218bcd8ecb1f12ecdb74f3f453a7093be8dd3c233615577dcc9b40fa92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1139
Cache-Control: max-age=92020
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Etag: "63a6c129-1d7"
Expires: Mon, 26 Dec 2022 09:25:48 GMT
Last-Modified: Sat, 24 Dec 2022 09:06:49 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2482241e136299be414a46e801799d1c
3cb22337ba69849216a542d0d7f761544f425b0c
717fe0c9d589d0658fede4a8057d971658d8042a841e7d09698e45255ce1c352
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "717FE0C9D589D0658FEDE4A8057D971658D8042A841E7D09698E45255CE1C352"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8882
Expires: Sun, 25 Dec 2022 10:20:10 GMT
Date: Sun, 25 Dec 2022 07:52:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c3fe4743f9a53cff9cc725d5da6fef2f
21f8c945671d492d20d3ae73535b44b80393bab4
27baee9b01e7877fd04130c0485cac8e3b14c17f8bfb5882d51cb470ea007db8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19168
Expires: Sun, 25 Dec 2022 13:11:36 GMT
Date: Sun, 25 Dec 2022 07:52:08 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2482241e136299be414a46e801799d1c
3cb22337ba69849216a542d0d7f761544f425b0c
717fe0c9d589d0658fede4a8057d971658d8042a841e7d09698e45255ce1c352
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "717FE0C9D589D0658FEDE4A8057D971658D8042A841E7D09698E45255CE1C352"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8882
Expires: Sun, 25 Dec 2022 10:20:10 GMT
Date: Sun, 25 Dec 2022 07:52:08 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3fc0062635ed288cd9b0f2506a3857e2
d093920fa499404588553e2cfcceb008c10edea3
582e5d9235eb2ca856370a74b08e64b333fe7c26077e7fc0bcb38ac6a38787f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "582E5D9235EB2CA856370A74B08E64B333FE7C26077E7FC0BCB38AC6A38787F3"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8000
Expires: Sun, 25 Dec 2022 10:05:28 GMT
Date: Sun, 25 Dec 2022 07:52:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9527d889a5b94c28b4dcd8809ffba513
b2ee81348df6ebc3f72fcd64b7767df0a1903fb5
9d3cfbc6c96f2da85420d44bdd58f8e860487d3cbf1ffda4d21477b566f23059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9527d889a5b94c28b4dcd8809ffba513
b2ee81348df6ebc3f72fcd64b7767df0a1903fb5
9d3cfbc6c96f2da85420d44bdd58f8e860487d3cbf1ffda4d21477b566f23059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:56:07 GMT
expires: Tue, 19 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 478561
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
aultseemedto.xyz/utx?cb=msT4HSckGQeI&top=exeo.app&tid=822524
143.204.55.122204 No Content 0 B URL HTTP/2 aultseemedto.xyz/utx?cb=msT4HSckGQeI&top=exeo.app&tid=822524
IP 143.204.55.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=msT4HSckGQeI&top=exeo.app&tid=822524 HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 07:52:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 25 Dec 2022 07:53:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MZ-ftPdtK3m0ANtkVpm4he_jjozHkUucfDbYyszdM-OwWIghwvhgQg==
X-Firefox-Spdy: h2
aultseemedto.xyz/utx?cb=zYyMReUUsWcb&top=exeo.app&tid=889494
143.204.55.122204 No Content 0 B URL HTTP/2 aultseemedto.xyz/utx?cb=zYyMReUUsWcb&top=exeo.app&tid=889494
IP 143.204.55.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=zYyMReUUsWcb&top=exeo.app&tid=889494 HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 07:52:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 25 Dec 2022 07:53:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OkeGAP5XpHWDLbSmqm4NtXb-D3Jn3H_iGNC4ONwnwKCGuMCwB-EyRg==
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:52:41 GMT
expires: Tue, 19 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 478767
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
live.demand.supply/impl.v16.3.0.js
104.16.133.22200 OK 24 kB URL HTTP/2 live.demand.supply/impl.v16.3.0.js
IP 104.16.133.22:0
File type ASCII text, with very long lines (26438)
Hash 68495dd5c8c8137316f339f8f4331afb
ccaf045e887587e3508c4917e853f33cb80dfa0f
9ff290168f3c39d814951c4abb13efb3c491d58035fc387df076074c7007908b
GET /impl.v16.3.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=bd5cee6c-e676-499b-bb0b-de17b61f7ecc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=74953
etag: W/"b19940580c70e30455a2254a785a8919-ssl-df"
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01GMX2V689ENQZTBQ4NFCNSXD1
cf-cache-status: HIT
age: 236356
server: cloudflare
cf-ray: 77effedb4b2bb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aultseemedto.xyz/UlVFTU8zNyYgcDNoJ2s6IDl4aH0UcHcLK2MwNz99JyUvfXtiL2suIz0gISs9PTsxYyE3IWB/CSo3KyE/NmVxAwk1NhcuHT0EARg/YAMuDysGOzUECio6HAQNZxAGCSAVFwR5NxpmNikXKmULBiMcHxE1PCQUB3gaBwY2DAg+BwIsDmoxBn0/ZAYEfRUVFhMZDBM2IB03MRcNHB48Fil1LBQ7CAkJOhggBCgbDBEIGhsCdCkVBzs9KBoAYSAEDj0CDSodIA0AJgcTZzEuHAQ9DRQJZzYSJxkgDQAmKho8BxQbBy0ACQomGRIcdmYCKTUuHAIxLhwAeDYPLmNlcRoKNmIUCCMTACs1KhoyMhgFAxMmGjUUbR0mJwgHdnQqARA9Cyk1MhQKNxs6BBwJHwcUJSkBAz0XKTkyCBsKC3MvPiA8JXgsAho/MhUnZyY
143.204.55.122200 OK 1.2 kB URL HTTP/2 aultseemedto.xyz/UlVFTU8zNyYgcDNoJ2s6IDl4aH0UcHcLK2MwNz99JyUvfXtiL2suIz0gISs9PTsxYyE3IWB/CSo3KyE/NmVxAwk1NhcuHT0EARg/YAMuDysGOzUECio6HAQNZxAGCSAVFwR5NxpmNikXKmULBiMcHxE1PCQUB3gaBwY2DAg+BwIsDmoxBn0/ZAYEfRUVFhMZDBM2IB03MRcNHB48Fil1LBQ7CAkJOhggBCgbDBEIGhsCdCkVBzs9KBoAYSAEDj0CDSodIA0AJgcTZzEuHAQ9DRQJZzYSJxkgDQAmKho8BxQbBy0ACQomGRIcdmYCKTUuHAIxLhwAeDYPLmNlcRoKNmIUCCMTACs1KhoyMhgFAxMmGjUUbR0mJwgHdnQqARA9Cyk1MhQKNxs6BBwJHwcUJSkBAz0XKTkyCBsKC3MvPiA8JXgsAho/MhUnZyY
IP 143.204.55.122:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators
Hash 49c3e0cb43dc1b8c1be747a413859a59
556b31a42d92ac3f0fde16cf4538e00a2a288b0f
cda320e44a7a1912cb0d51ea52c01b5017b7b2d139af50e7a5ed0384017487c5
GET /UlVFTU8zNyYgcDNoJ2s6IDl4aH0UcHcLK2MwNz99JyUvfXtiL2suIz0gISs9PTsxYyE3IWB/CSo3KyE/NmVxAwk1NhcuHT0EARg/YAMuDysGOzUECio6HAQNZxAGCSAVFwR5NxpmNikXKmULBiMcHxE1PCQUB3gaBwY2DAg+BwIsDmoxBn0/ZAYEfRUVFhMZDBM2IB03MRcNHB48Fil1LBQ7CAkJOhggBCgbDBEIGhsCdCkVBzs9KBoAYSAEDj0CDSodIA0AJgcTZzEuHAQ9DRQJZzYSJxkgDQAmKho8BxQbBy0ACQomGRIcdmYCKTUuHAIxLhwAeDYPLmNlcRoKNmIUCCMTACs1KhoyMhgFAxMmGjUUbR0mJwgHdnQqARA9Cyk1MhQKNxs6BBwJHwcUJSkBAz0XKTkyCBsKC3MvPiA8JXgsAho/MhUnZyY HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1183
date: Sun, 25 Dec 2022 07:52:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iHgVRMRaakcrBySiT_tsLe3qeHStZ0x9eDn5W12Saycm5J5MECKZGA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f8f1ca50c1b7a4ced1d6977fdcafd26a
bd2a0c5a212d0e7410d4bc754550867ff38c9f37
8bfc8eb6cd9526c9cef4535ca66cef8b3f797ee425f5f5db6a754457011af3d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BFC8EB6CD9526C9CEF4535CA66CEF8B3F797EE425F5F5DB6A754457011AF3D5"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=490
Expires: Sun, 25 Dec 2022 08:00:18 GMT
Date: Sun, 25 Dec 2022 07:52:08 GMT
Connection: keep-alive
aultseemedto.xyz/Q0hUU2QiKjc+WyJ1NnURMSRpdlYFbWYVAHItJiFWNjg+Y1BzMnowCCw9MDUWLCYgfQomPHFhIgQSAwUKDR0/FCckJAA3DAYFFSQMOx5lNzcBe2UXIDsaNRkcFREYYD0AHhIwKRkMJ2AhAREAAzZ7CgM0MjULBQIuFiYGFyUCJAM3IhEMFj8hMR8SFSYSHD8YIC84ERkTNB0cOFR6DjMkIAYyIxYzAjg1HhM0AhdiNjAeLR03BHs4EjJyKzADAzQEFWILZnoWFQ8BHhYABxEZEgYiJg4CHzI7CmIZVAEeFgdQDgtlFiYhDg09NSQsYRsyDRwRGwstGRJ+MQUHLB0lFQAGZzIVCh4RMwEJAmIAEAQVCisAChZkLXIsDBEsLx4CFQcGKhI3MgIeI2QlAgUdBzM7EB1iPQUuEScyEh0WYzICbj4gCy04aRsnCHlmODUxGiEi
143.204.55.122200 OK 1.2 kB URL HTTP/2 aultseemedto.xyz/Q0hUU2QiKjc+WyJ1NnURMSRpdlYFbWYVAHItJiFWNjg+Y1BzMnowCCw9MDUWLCYgfQomPHFhIgQSAwUKDR0/FCckJAA3DAYFFSQMOx5lNzcBe2UXIDsaNRkcFREYYD0AHhIwKRkMJ2AhAREAAzZ7CgM0MjULBQIuFiYGFyUCJAM3IhEMFj8hMR8SFSYSHD8YIC84ERkTNB0cOFR6DjMkIAYyIxYzAjg1HhM0AhdiNjAeLR03BHs4EjJyKzADAzQEFWILZnoWFQ8BHhYABxEZEgYiJg4CHzI7CmIZVAEeFgdQDgtlFiYhDg09NSQsYRsyDRwRGwstGRJ+MQUHLB0lFQAGZzIVCh4RMwEJAmIAEAQVCisAChZkLXIsDBEsLx4CFQcGKhI3MgIeI2QlAgUdBzM7EB1iPQUuEScyEh0WYzICbj4gCy04aRsnCHlmODUxGiEi
IP 143.204.55.122:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3039), with no line terminators
Hash 41a13bdefa238eb2b11c56730fe6850d
11fcea78833b1f2d24e98675a37b30dfff302ab1
50b832657976a7cf2ec8a4928b69fa6c7f04868336b4776dcf831128d8bce3f5
GET /Q0hUU2QiKjc+WyJ1NnURMSRpdlYFbWYVAHItJiFWNjg+Y1BzMnowCCw9MDUWLCYgfQomPHFhIgQSAwUKDR0/FCckJAA3DAYFFSQMOx5lNzcBe2UXIDsaNRkcFREYYD0AHhIwKRkMJ2AhAREAAzZ7CgM0MjULBQIuFiYGFyUCJAM3IhEMFj8hMR8SFSYSHD8YIC84ERkTNB0cOFR6DjMkIAYyIxYzAjg1HhM0AhdiNjAeLR03BHs4EjJyKzADAzQEFWILZnoWFQ8BHhYABxEZEgYiJg4CHzI7CmIZVAEeFgdQDgtlFiYhDg09NSQsYRsyDRwRGwstGRJ+MQUHLB0lFQAGZzIVCh4RMwEJAmIAEAQVCisAChZkLXIsDBEsLx4CFQcGKhI3MgIeI2QlAgUdBzM7EB1iPQUuEScyEh0WYzICbj4gCy04aRsnCHlmODUxGiEi HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Sun, 25 Dec 2022 07:52:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xDnsY-GIlNZ4IYwsTAZjEDfhugTDoBWRCl1bHkoMv2N-77_R5_4Ybw==
X-Firefox-Spdy: h2
othdgemanow.xyz/RjVIdExpCisHcRxhDkIZAV0fNid/Wx0yFQBmHzouE0ICOxUQRm4AJSIIcEB/dAN5UjwvUXVFdGBGPBU4M0Z1RWovWy4bcWBDdUVidht6Wn5gQHVFajJFKRNxdxM4ADgqCHlCe3cMfUB7dAB+QHg
104.21.68.42204 No Content 0 B URL HTTP/2 othdgemanow.xyz/RjVIdExpCisHcRxhDkIZAV0fNid/Wx0yFQBmHzouE0ICOxUQRm4AJSIIcEB/dAN5UjwvUXVFdGBGPBU4M0Z1RWovWy4bcWBDdUVidht6Wn5gQHVFajJFKRNxdxM4ADgqCHlCe3cMfUB7dAB+QHg
IP 104.21.68.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RjVIdExpCisHcRxhDkIZAV0fNid/Wx0yFQBmHzouE0ICOxUQRm4AJSIIcEB/dAN5UjwvUXVFdGBGPBU4M0Z1RWovWy4bcWBDdUVidht6Wn5gQHVFajJFKRNxdxM4ADgqCHlCe3cMfUB7dAB+QHg HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 07:52:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DhJx3OFEIpXX%2FdMYEBG86sEYs9vYhvYxQYGn9u67qOpSc26PrHTXAHspt6Q4fd7g0QfIVnu%2BC7JT%2FRyfcUt6OX1lhP3WVCOhrLua4a5TkB62xae71otwYCCJ%2ByXB7ri7SAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effedad936b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
othdgemanow.xyz/STZOSlNmCS05bihuABgxHE4fGxQHbyocJwhXCHtkHGMYJQQYEDojN3QOfHhmewJoOjotC39sID1XOj8gdAdoIz0vWXNsJXQHYHlnZwV/ZGFvQ3N7dT1GLy1ueBA+PiclC398ZHgPe35kewN7fWc
104.21.68.42204 No Content 0 B URL HTTP/2 othdgemanow.xyz/STZOSlNmCS05bihuABgxHE4fGxQHbyocJwhXCHtkHGMYJQQYEDojN3QOfHhmewJoOjotC39sID1XOj8gdAdoIz0vWXNsJXQHYHlnZwV/ZGFvQ3N7dT1GLy1ueBA+PiclC398ZHgPe35kewN7fWc
IP 104.21.68.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /STZOSlNmCS05bihuABgxHE4fGxQHbyocJwhXCHtkHGMYJQQYEDojN3QOfHhmewJoOjotC39sID1XOj8gdAdoIz0vWXNsJXQHYHlnZwV/ZGFvQ3N7dT1GLy1ueBA+PiclC398ZHgPe35kewN7fWc HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 07:52:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oyiE9RGqjNoOWn3hdjKiOmjsWfbwZvpnhlnzANz00ajrKYBlQB9vcLQMHr3tr0S3UcGiBTtWMK78BcKXUcsGExROPfC0HOkmckwM%2Fwj2%2Fgu3SaWIJiMyDSFq8SA6oX9CWm0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effedad933b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9527d889a5b94c28b4dcd8809ffba513
b2ee81348df6ebc3f72fcd64b7767df0a1903fb5
9d3cfbc6c96f2da85420d44bdd58f8e860487d3cbf1ffda4d21477b566f23059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
othdgemanow.xyz/aExQc2RHczMAWQonODY+PgYKFTw+LzEfCFAvPDENPxQSSzwvGXYHDQxxaEtdXHVkVRQBKG1CQhs4MQcRG3FhVQ0GKj9OQh5xYV1XXGJjQkpaaiVOVU44IBIDVX12AxAcIG1CUl99aUZQX35lRVZe
104.21.68.42204 No Content 0 B URL HTTP/2 othdgemanow.xyz/aExQc2RHczMAWQonODY+PgYKFTw+LzEfCFAvPDENPxQSSzwvGXYHDQxxaEtdXHVkVRQBKG1CQhs4MQcRG3FhVQ0GKj9OQh5xYV1XXGJjQkpaaiVOVU44IBIDVX12AxAcIG1CUl99aUZQX35lRVZe
IP 104.21.68.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aExQc2RHczMAWQonODY+PgYKFTw+LzEfCFAvPDENPxQSSzwvGXYHDQxxaEtdXHVkVRQBKG1CQhs4MQcRG3FhVQ0GKj9OQh5xYV1XXGJjQkpaaiVOVU44IBIDVX12AxAcIG1CUl99aUZQX35lRVZe HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 07:52:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNQQGr%2FvCcYyNqPQ03QHiS0NcIo58MZOIZ9%2F%2BggO7f%2BB6C1hzwXiK0cPVSCrdVBhk9Gy9chXKV%2B9eSX9IDw%2BREqZBFwl93Ax2TH4i4PYaYus3YRKSP0hPl4x3me9zBC1WYA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effedaf94bb4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19168
Expires: Sun, 25 Dec 2022 13:11:36 GMT
Date: Sun, 25 Dec 2022 07:52:08 GMT
Connection: keep-alive
exeo.app/css/continue.css
104.26.8.233200 OK 41 kB URL HTTP/2 exeo.app/css/continue.css
IP 104.26.8.233:0
File type ASCII text, with very long lines (65079)
Hash 137c630535c4c21c9210b602f2fd409c
585308ee6f98094259e003ea52ec2d1e7e0c0417
e57ddb4cabbb2bdb019e6974605ec76b66990162e773bf52918726b5ddfa6742
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/0YRaqrH
Cookie: _ga=GA1.2.2029702912.1671950902; _gid=GA1.2.1608658714.1671950902; __gads=ID=a5161ffaf28e6044:T=1671950904:S=ALNI_MYdVM0gJmKQ6Co20xgNcRiT0KshkA; __gpi=UID=00000b98151c0015:T=1671950904:RT=1671950904:S=ALNI_MaY7bcCD3CJPxqvWgAp2ol3BoAyKA; AppSession=1b2faff0811f115274737d3b6b8feb62; csrfToken=836479c1231bedd7ddc70fccbca9bc16c883202ac24846fc10f53791b419ee4ff9837bc530f5289bdba1e95a3d58c1e84c308eb47ca164a1dd1c0de67ecb93c6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:07 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Wed, 11 Jan 2023 22:59:01 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1068786
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1KlWADDtr9RLcXx42jIPOuMdFyL8iuCNsVms6pIX4CMhN5SOgJ%2F4ZMzwsO9DdWITi68jW8CfXlkRkwx3%2BRM%2FaZ%2FSEWNmltGv6NT148ofP9q3thyOGAjPWhkn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effed8af261c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.demand.supply/e/e.js?e=ll&d=223&cs=c&dsReferer=ZXhlby5hcHAvMFlSYXFySA==
104.16.133.22200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=223&cs=c&dsReferer=ZXhlby5hcHAvMFlSYXFySA==
IP 104.16.133.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=223&cs=c&dsReferer=ZXhlby5hcHAvMFlSYXFySA== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "9664438fc0db5c4deed9238aef210660-ssl"
x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
cf-cache-status: HIT
age: 1067870
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77effedb98f3b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.39.94.191101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.94.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WXX0pbFYiyAhW/Crd0+dmQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2TDQVA/KrU04E36uNvn23KEL8J4=
aultseemedto.xyz/MXFIcWRQEyscW1BMKlcRQx11VFZ3VHo3AAAUOgNWRAEiQVABC2YSCF4ELBcWXh88XwpUBW1DImkTHTspYkABPihiODwTNloDAzk+QCYQN0EDMy4mKn06DEkPYTN5VFZ3MHsGBn4IBkYBYB4mFA1CMAokFwM/IUgSaSYZFi9bBgMXVl4EGDBRFEMOFzMBCwsiJkkXeyA9eEINHDRjEjo4J1ILGzklehcmCQBrQn1GAVkeOjgNCUgPGyJBFB84IH8cJEQ9XQkxKApFQhAWJkEUHzgFeggCSD5aGTA1CQQWECUUBxd7FQFwNiREPVlJeBA8ViUQOS4EKx87IWtCZURTfyAvGS5II3spE2NUejMBAz8sEgoARhFBDEYXC0FTeQgrAC5yAQESJUFHER0MQhcPQQpkOQVXDkIeJgFZfkYBJwUGQxA7XFY6Hw
143.204.55.122200 OK 1.2 kB URL HTTP/2 aultseemedto.xyz/MXFIcWRQEyscW1BMKlcRQx11VFZ3VHo3AAAUOgNWRAEiQVABC2YSCF4ELBcWXh88XwpUBW1DImkTHTspYkABPihiODwTNloDAzk+QCYQN0EDMy4mKn06DEkPYTN5VFZ3MHsGBn4IBkYBYB4mFA1CMAokFwM/IUgSaSYZFi9bBgMXVl4EGDBRFEMOFzMBCwsiJkkXeyA9eEINHDRjEjo4J1ILGzklehcmCQBrQn1GAVkeOjgNCUgPGyJBFB84IH8cJEQ9XQkxKApFQhAWJkEUHzgFeggCSD5aGTA1CQQWECUUBxd7FQFwNiREPVlJeBA8ViUQOS4EKx87IWtCZURTfyAvGS5II3spE2NUejMBAz8sEgoARhFBDEYXC0FTeQgrAC5yAQESJUFHER0MQhcPQQpkOQVXDkIeJgFZfkYBJwUGQxA7XFY6Hw
IP 143.204.55.122:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators
Hash 6b60163b25a5ce5d8d6051cc3efa3f3a
471251062053603eb17c49c33d031bae1468d2a5
89d0be3d514c232cd5d8f80e7b5c9dae3f10c6dcb1673f707c0abe2c06fe538e
GET /MXFIcWRQEyscW1BMKlcRQx11VFZ3VHo3AAAUOgNWRAEiQVABC2YSCF4ELBcWXh88XwpUBW1DImkTHTspYkABPihiODwTNloDAzk+QCYQN0EDMy4mKn06DEkPYTN5VFZ3MHsGBn4IBkYBYB4mFA1CMAokFwM/IUgSaSYZFi9bBgMXVl4EGDBRFEMOFzMBCwsiJkkXeyA9eEINHDRjEjo4J1ILGzklehcmCQBrQn1GAVkeOjgNCUgPGyJBFB84IH8cJEQ9XQkxKApFQhAWJkEUHzgFeggCSD5aGTA1CQQWECUUBxd7FQFwNiREPVlJeBA8ViUQOS4EKx87IWtCZURTfyAvGS5II3spE2NUejMBAz8sEgoARhFBDEYXC0FTeQgrAC5yAQESJUFHER0MQhcPQQpkOQVXDkIeJgFZfkYBJwUGQxA7XFY6Hw HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Sun, 25 Dec 2022 07:52:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Xcy7ycoJXpHoykewajdY_glSc5xYGIgCxK_j1kK04LWZEwN0ajiIfA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3fc0062635ed288cd9b0f2506a3857e2
d093920fa499404588553e2cfcceb008c10edea3
582e5d9235eb2ca856370a74b08e64b333fe7c26077e7fc0bcb38ac6a38787f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "582E5D9235EB2CA856370A74B08E64B333FE7C26077E7FC0BCB38AC6A38787F3"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8000
Expires: Sun, 25 Dec 2022 10:05:28 GMT
Date: Sun, 25 Dec 2022 07:52:08 GMT
Connection: keep-alive
d1err2upj040z.cloudfront.net/GZWVnNUkGCglTdhEMAwhxV1dSB31DDxRaJxVYL3YCVFcMZDs3EBYTPR8BWgVvCQQJUnRDAAlWdFRDBlErWFFBQTkKDlpEJwwUHk09FgwDEzwEWApaMwwJC1RsVyNSG3lAV1cdPgwLA1o+FkBVBScRQFUFeFVLVxB6J0BVBT4MC1EBbFYnQgd5HVNTEHonQF-UFOxNAVHR4VVBJBWBAV1dSLAYOCBB7I1dXBHlVVFcEbFdVAVw7AAMITWxXI1YFfEtVQUB0VA
143.204.42.49200 OK 492 B URL HTTP/2 d1err2upj040z.cloudfront.net/GZWVnNUkGCglTdhEMAwhxV1dSB31DDxRaJxVYL3YCVFcMZDs3EBYTPR8BWgVvCQQJUnRDAAlWdFRDBlErWFFBQTkKDlpEJwwUHk09FgwDEzwEWApaMwwJC1RsVyNSG3lAV1cdPgwLA1o+FkBVBScRQFUFeFVLVxB6J0BVBT4MC1EBbFYnQgd5HVNTEHonQF-UFOxNAVHR4VVBJBWBAV1dSLAYOCBB7I1dXBHlVVFcEbFdVAVw7AAMITWxXI1YFfEtVQUB0VA
IP 143.204.42.49:0
File type ASCII text, with very long lines (691), with no line terminators
Hash 9dce45340920d3a395f28976fe616570
395ea57fa51e2366a6ff2c5650b8144a6345c2f2
9f82eecd9d904ebbfec183fdb76e5f1aefe05d3bd6c9d39cf196899a5d386245
GET /GZWVnNUkGCglTdhEMAwhxV1dSB31DDxRaJxVYL3YCVFcMZDs3EBYTPR8BWgVvCQQJUnRDAAlWdFRDBlErWFFBQTkKDlpEJwwUHk09FgwDEzwEWApaMwwJC1RsVyNSG3lAV1cdPgwLA1o+FkBVBScRQFUFeFVLVxB6J0BVBT4MC1EBbFYnQgd5HVNTEHonQF-UFOxNAVHR4VVBJBWBAV1dSLAYOCBB7I1dXBHlVVFcEbFdVAVw7AAMITWxXI1YFfEtVQUB0VA HTTP/1.1
Host: d1err2upj040z.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aultseemedto.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 492
date: Sun, 25 Dec 2022 07:52:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TV5Au9dxhfc5NspYPJJrZG2MELCFeSZ3rj-I9kEU6MD9OsATi1GUuw==
X-Firefox-Spdy: h2
live.demand.supply/ds.2.html
104.16.133.22200 OK 773 B URL HTTP/2 live.demand.supply/ds.2.html
IP 104.16.133.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 448bb836bebda79036b610b0a49f9d67
d6ed4137d0b61a21f01947a6e8639a8290d8c72c
7af71fadb23966c4bedab48d4f638f1d784a32de4c1a50f5b6de3f792fe2cbb4
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
x-nf-request-id: 01GM32FRGGXY91P3W7PAZSC246
cf-cache-status: HIT
age: 1067870
vary: Accept-Encoding
server: cloudflare
cf-ray: 77effedb6b3cb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d1err2upj040z.cloudfront.net/XbUJMS1IOLSItbRkrKHZqWXF+fWNLKD8kPB1/A3wbOyN7eQoneisABUs2Ni9vXWQgKjwKf2ouPA5/fW0zCSBxf3QYI3EmPRcrICczSHAKfnxdZ357ehorIi89GjFpeWIDNml5YlxyYnt3XgBpeWIaKyJ9ZkhxDm5gXTp6f3deAGl5Yh80aXgTXHJ5ZWJEZ3-57NQghJyR3XwR+e2Ndcn17Y0hwfC07HycqJCpIcAp6YlhsfG0nUHM
143.204.42.49200 OK 187 B URL HTTP/2 d1err2upj040z.cloudfront.net/XbUJMS1IOLSItbRkrKHZqWXF+fWNLKD8kPB1/A3wbOyN7eQoneisABUs2Ni9vXWQgKjwKf2ouPA5/fW0zCSBxf3QYI3EmPRcrICczSHAKfnxdZ357ehorIi89GjFpeWIDNml5YlxyYnt3XgBpeWIaKyJ9ZkhxDm5gXTp6f3deAGl5Yh80aXgTXHJ5ZWJEZ3-57NQghJyR3XwR+e2Ndcn17Y0hwfC07HycqJCpIcAp6YlhsfG0nUHM
IP 143.204.42.49:0
File type ASCII text, with no line terminators
Hash 4a4457efad8ad86cf2a610cf5c6cd86f
4c49ee246c8dae6f789750e41ff0cc6b5673cb63
4aa405151a3e3e3d64ddcdd66c0441d20b2f9268a577884dea9bd46ecec923b6
GET /XbUJMS1IOLSItbRkrKHZqWXF+fWNLKD8kPB1/A3wbOyN7eQoneisABUs2Ni9vXWQgKjwKf2ouPA5/fW0zCSBxf3QYI3EmPRcrICczSHAKfnxdZ357ehorIi89GjFpeWIDNml5YlxyYnt3XgBpeWIaKyJ9ZkhxDm5gXTp6f3deAGl5Yh80aXgTXHJ5ZWJEZ3-57NQghJyR3XwR+e2Ndcn17Y0hwfC07HycqJCpIcAp6YlhsfG0nUHM HTTP/1.1
Host: d1err2upj040z.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aultseemedto.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 187
date: Sun, 25 Dec 2022 07:52:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: omm6bDvIvgITE36JgebkcfR_w2TID47PPFjl3G2lqCW0EPIXOp57Xg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ff571c77e9fbd063e9602e6634d1e87e
b2c9a22cfee280893f58609a831e01a917677df7
716047d46377cc3673d79312a4e80ec96ee2870cd32b03b43afe4108fa83c130
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6204
Cache-Control: max-age=110422
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Etag: "63a6f542-1d7"
Expires: Mon, 26 Dec 2022 14:32:30 GMT
Last-Modified: Sat, 24 Dec 2022 12:49:06 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9d5332c93030ae2a20d6a6b5a16474c
fbf673c69861c5d118d31e14e30f4874bbb97b9a
4acf9e40763ef30e24620d081e14dfbdcef283b8eaee4350f0771ab2a3193cf5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 25 Dec 2022 06:41:11 GMT
expires: Sun, 25 Dec 2022 08:41:11 GMT
cache-control: public, max-age=7200
age: 4257
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9d5332c93030ae2a20d6a6b5a16474c
fbf673c69861c5d118d31e14e30f4874bbb97b9a
4acf9e40763ef30e24620d081e14dfbdcef283b8eaee4350f0771ab2a3193cf5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash be8f0ec43455138c0c17a20e9d90b541
21fa5f5df0b8cbf7cd77b1932bf82fb2913a19f4
0bb8177c477a31188f16732747ef20758863be5d7fe657624f8b50c5499706e5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvMFlSYXFySA==
104.16.133.22200 OK 606 B URL HTTP/2 api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvMFlSYXFySA==
IP 104.16.133.22:0
File type JSON data\012- , ASCII text, with very long lines (304), with no line terminators
Hash 64621848c67ca2a5ece011a1c6c71873
b2d94b4b72c70f0b4ca311432f2307b3381ca2b8
4e8cbb2a1a943e8982b668fe2fd435158e0665ed23fa1730d84fc18123283646
GET /v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvMFlSYXFySA== HTTP/1.1
Host: api.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
etag: W/"130-cuIimaqz9R/W6QfpO65KP93Vq1c"
cf-cache-status: HIT
age: 7152
vary: Accept-Encoding
server: cloudflare
cf-ray: 77effedc0968b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39504)
Hash 73b3f83b0602a979865fc4865f93dcfc
07bd887f10cbb9e297403a7d16acca7419e278d2
5b6bf915a1589ddfc229a2a4f13a056a973a07a8cedb78ab898316507c8f1b0a
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27666
date: Sun, 25 Dec 2022 07:52:08 GMT
expires: Sun, 25 Dec 2022 07:52:08 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1431 / 717 of 1000 / last-modified: 1670587582"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.211.13302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.211.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 6f5fe5b7ce3d133dcb0731946b655720
c2210862a957f35a210694efce80e98f131731cc
37ee76d5d8c8952da840c108cac16a774d511f3e6fc505d32975f52ca2785499
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 25 Dec 2022 07:52:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1090327880%3A1671954728656273&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6MAPccPvbpDmGYInDaju28ELiHLVuxoHk3rQ5_tgOuL2hbBiariZIcn-cr2pG4ZTbnwMe4rg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-d8KmFRsYcG7tSN_H4Sl7Xw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:BQLjryxWXIN0x23KJORWflzm5P8-7A:e0_bTMflnsnoOZWR;Path=/;Expires=Tue, 24-Dec-2024 07:52:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4520987e43f1961867ed52d00b1a5dd9
48d26ca30d8f20bb77ba538c92b9bcb1f01e9a25
4865aa67755f602ed0050bb0eb1a5ccc04e63fff4b4d15bce39a3218c925c7a2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 07:52:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 14:07:07 GMT
Expires: Thu, 29 Dec 2022 14:07:06 GMT
Etag: "48d26ca30d8f20bb77ba538c92b9bcb1f01e9a25"
Cache-Control: max-age=367497,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77effedd18b51c06-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5ec1233b7456781e4e2fb3e8dfea4860
bf61533c9ec2a6310d80457b1231400cf8631868
820ff717f6d3609bf61e238fda2ecfd8fd9aaf77e85760c0154f72461b33de6e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S1443106293%3A1671954728639874&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4p4Ly25NuLOUM7GeOhUZ6JjKNq6cJ7U5f0PZ7X7wJ4WcGMbY8Gopxe7GSb-ub-Q8A0_T14QQ
216.58.211.13403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1443106293%3A1671954728639874&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4p4Ly25NuLOUM7GeOhUZ6JjKNq6cJ7U5f0PZ7X7wJ4WcGMbY8Gopxe7GSb-ub-Q8A0_T14QQ
IP 216.58.211.13:0
Hash 0d51dde20a20648eec7692aa9441693c
65f2a75490289af367f3b468d856cee7622baa39
7c4c2bcbc2e9f6efd050eb1dfea05201a2ebe2148ed83751241200840d0f1c17
GET /v3/signin/identifier?dsh=S1443106293%3A1671954728639874&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4p4Ly25NuLOUM7GeOhUZ6JjKNq6cJ7U5f0PZ7X7wJ4WcGMbY8Gopxe7GSb-ub-Q8A0_T14QQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 25 Dec 2022 07:52:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-exscy4LgFew003BF5d63ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
37.48.68.71200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 904
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 25 Dec 2022 07:52:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ff571c77e9fbd063e9602e6634d1e87e
b2c9a22cfee280893f58609a831e01a917677df7
716047d46377cc3673d79312a4e80ec96ee2870cd32b03b43afe4108fa83c130
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6204
Cache-Control: max-age=110422
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Etag: "63a6f542-1d7"
Expires: Mon, 26 Dec 2022 14:32:30 GMT
Last-Modified: Sat, 24 Dec 2022 12:49:06 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js?cb=31071295
142.250.74.130200 OK 132 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js?cb=31071295
IP 142.250.74.130:0
File type ASCII text, with very long lines (65395)
Size 132 kB (132306 bytes)
Hash 4bb5c05eee04fec4e851c63be4754945
87e1f8c31e4843f44a5032aa38ca930c65ea95d3
6104ebabbe0df8dbd510114b06ddacf583769bba79906a34662fe34abbaf9d27
GET /gpt/pubads_impl_2022120801.js?cb=31071295 HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 132306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Dec 2022 20:56:47 GMT
expires: Fri, 22 Dec 2023 20:56:47 GMT
cache-control: public, immutable, max-age=31536000
age: 212121
last-modified: Thu, 08 Dec 2022 09:38:55 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/pagead/ppub_config?ippd=exeo.app
142.250.74.130200 OK 72 B URL HTTP/2 securepubads.g.doubleclick.net/pagead/ppub_config?ippd=exeo.app
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 48fd9be53077a9b85a61ec56e1442e9b
944f7d1e55addccc6e04fd9e99639c04b3d8f4cc
276319570c4a9b621a1aad35a87653885b454212f9ba9b0910a274c5b04494ca
GET /pagead/ppub_config?ippd=exeo.app HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Sun, 25 Dec 2022 07:52:08 GMT
expires: Sun, 25 Dec 2022 07:52:08 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 72
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 08:07:08 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bcf8604a2e2524ce2ec88b3069229507
74921ac0ddce6f7e98f5a5b5994130ef9817226d
2d79eec59ae587d9986860b35bff8b1bbbc11bf1a642b9cb82d9d574316dbd14
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5ec1233b7456781e4e2fb3e8dfea4860
bf61533c9ec2a6310d80457b1231400cf8631868
820ff717f6d3609bf61e238fda2ecfd8fd9aaf77e85760c0154f72461b33de6e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=exeo.app
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exeo.app
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 25 Dec 2022 07:52:08 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=exeo.app
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=exeo.app
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 25 Dec 2022 07:52:08 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bcf8604a2e2524ce2ec88b3069229507
74921ac0ddce6f7e98f5a5b5994130ef9817226d
2d79eec59ae587d9986860b35bff8b1bbbc11bf1a642b9cb82d9d574316dbd14
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.97200 OK 2.7 kB URL HTTP/2 786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sun, 25 Dec 2022 07:52:09 GMT
expires: Mon, 25 Dec 2023 07:52:09 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env
216.58.207.226200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env
IP 216.58.207.226:0
File type JSON data\012- , ASCII text, with very long lines (14657), with no line terminators
Hash de252a8478a138b69f920996e8b22fb1
014ba1e2328625794d98f9a98e658b083dab3463
b11da29f8b2c73592c9d3d9988b346b832fd47f4e70a9a2cbbc50b68a1ed527a
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sun, 25 Dec 2022 07:52:09 GMT
server: cafe
content-length: 11059
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b9f99a85781195f2978e242e8e34ff16
7033d45ec984bf7b577308c731e47a4e84596c9c
09e2c2c00b04a0bd83ab098fa77ea0cd3e00499a0feb7df92b1f91af82ec0c69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 25 Dec 2022 07:52:09 GMT
expires: Sun, 25 Dec 2022 07:52:09 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
172.217.21.161200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 17:31:48 GMT
expires: Sat, 23 Dec 2023 17:31:48 GMT
cache-control: public, max-age=31536000
age: 138021
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7fd6ef320514aba7ae7c9bb625cc68b8
37ce04a6e471dd435ad84e6ad8d2b061cd5fc6e9
39973c7fc556eedf2b081f338342f9476424c9ef4905b7a1985120f15435af19
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.132200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash a6e508e56b016e4a27d464de2d11a0e3
231d39c56466599292adb75330eb4f9b0477f66d
84e436ae171bd9198e6d33b265ba517a8c043373aadf02916ffabe698520fbb8
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 25 Dec 2022 07:52:09 GMT
date: Sun, 25 Dec 2022 07:52:09 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-mljd8B6Hdkmr23aPJkeBpg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
142.250.74.35200 OK 29 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP 142.250.74.35:0
File type gzip compressed data, max compression\012- data
Hash 939209d057cd987b968ddf347451e4b7
f09df88329647db187f664bd34746a9fe612cdf7
6268301b2bb6abb784f8201b8e6e15afeda27945436cc436292652cdd014769c
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 20:35:00 GMT
expires: Thu, 21 Dec 2023 20:35:00 GMT
cache-control: public, max-age=31536000
age: 299829
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs
172.217.21.161200 OK 62 kB URL HTTP/2 cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs
IP 172.217.21.161:0
File type Unicode text, UTF-8 text, with very long lines (65011)
Hash 3f51a8995057c4f4771af322462cf7d9
036aa90a48403a53602e0a7691ee9ed82aadd886
175ea869a2348f7abef810cb5630032ad73521dca5cff9f7288def3abf13e334
GET /rtv/022211060024000/amp4ads-v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 61620
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Dec 2022 20:48:36 GMT
expires: Fri, 22 Dec 2023 20:48:36 GMT
cache-control: public, max-age=31536000
age: 212613
etag: "011de7b3056fa7b4"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs
172.217.21.161200 OK 5.2 kB URL HTTP/2 cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs
IP 172.217.21.161:0
File type ASCII text, with very long lines (14697)
Hash ae1a9f090984c448deb0629cc2304ee3
e601825ccec746695f370ed68fa33325152e0d9f
6a947bfcdeea64faa6c795caea11ee09dbe00f5d4003b7b9d47e4945c05ac1e4
GET /rtv/022211060024000/v0/amp-ad-exit-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5218
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Dec 2022 16:53:46 GMT
expires: Wed, 20 Dec 2023 16:53:46 GMT
cache-control: public, max-age=31536000
age: 399503
etag: "abd4378f71571d78"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/022211060024000/v0/amp-fit-text-0.1.mjs
172.217.21.161200 OK 1.9 kB URL HTTP/2 cdn.ampproject.org/rtv/022211060024000/v0/amp-fit-text-0.1.mjs
IP 172.217.21.161:0
File type ASCII text, with very long lines (5046)
Hash 669c8592ef8f63e7404e45dd6ca56b71
3f6753966361bb86594193009c9097612c361064
d174ae2c0722ab8d4bf736f0200dc5b15d288f9500a706bb161b64f5a3b74f01
GET /rtv/022211060024000/v0/amp-fit-text-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 1913
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Dec 2022 13:26:09 GMT
expires: Wed, 20 Dec 2023 13:26:09 GMT
cache-control: public, max-age=31536000
age: 411960
etag: "403438c4d550ee88"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/022211060024000/v0/amp-form-0.1.mjs
172.217.21.161200 OK 13 kB URL HTTP/2 cdn.ampproject.org/rtv/022211060024000/v0/amp-form-0.1.mjs
IP 172.217.21.161:0
File type Unicode text, UTF-8 text, with very long lines (41057)
Hash 2f873064835eed23708bde2a16830216
7559437b82b9b761e02549d8d51f9e3571e5ed2c
0f5d00ac674cc34652997f2e0dd7fb6eb1a5b22010989c35a81cd7a388c84fdd
GET /rtv/022211060024000/v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12946
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 17:39:19 GMT
expires: Sat, 23 Dec 2023 17:39:19 GMT
cache-control: public, max-age=31536000
age: 137570
etag: "0bacd3f1ce38a7db"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S-1090327880%3A1671954728656273&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6MAPccPvbpDmGYInDaju28ELiHLVuxoHk3rQ5_tgOuL2hbBiariZIcn-cr2pG4ZTbnwMe4rg
216.58.211.13403 Forbidden 808 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1090327880%3A1671954728656273&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6MAPccPvbpDmGYInDaju28ELiHLVuxoHk3rQ5_tgOuL2hbBiariZIcn-cr2pG4ZTbnwMe4rg
IP 216.58.211.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash 2249ab099f993258b2ea7d2d64b0bbf4
76186b304da239dcd625931c6fdbfab41061fbec
34aaf1a929d6f082effecf81816bdfe51ac4e23a57115e46585ce4a0e9a1dfde
GET /v3/signin/identifier?dsh=S-1090327880%3A1671954728656273&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6MAPccPvbpDmGYInDaju28ELiHLVuxoHk3rQ5_tgOuL2hbBiariZIcn-cr2pG4ZTbnwMe4rg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 25 Dec 2022 07:52:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-Fs1PmKKE3tQKRo_u5kVQyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj5-sDVATAB&v=APEucNUqNOGlnHqxTVVcV9LIpIRs5PWJNn8bRfhlL6KkqTNTpDU6nQyX83NT96Z34wyXGL-Wr-WYI5LpO0cHqr-nHUI61iG3ivUm-4_vOidpUEUhvNCF_gslRfuxCnELdtH1yRUNYQuSVAJnnWoBjRGTwgemIXleEHif4eDssxctdqZB29wQl0k7wqUFYKIjH7Zul66KMAtNfb16TEO5WE8LLyTFkeKWww
142.250.74.162200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj5-sDVATAB&v=APEucNUqNOGlnHqxTVVcV9LIpIRs5PWJNn8bRfhlL6KkqTNTpDU6nQyX83NT96Z34wyXGL-Wr-WYI5LpO0cHqr-nHUI61iG3ivUm-4_vOidpUEUhvNCF_gslRfuxCnELdtH1yRUNYQuSVAJnnWoBjRGTwgemIXleEHif4eDssxctdqZB29wQl0k7wqUFYKIjH7Zul66KMAtNfb16TEO5WE8LLyTFkeKWww
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CO-t7QIQhsvvAhj5-sDVATAB&v=APEucNUqNOGlnHqxTVVcV9LIpIRs5PWJNn8bRfhlL6KkqTNTpDU6nQyX83NT96Z34wyXGL-Wr-WYI5LpO0cHqr-nHUI61iG3ivUm-4_vOidpUEUhvNCF_gslRfuxCnELdtH1yRUNYQuSVAJnnWoBjRGTwgemIXleEHif4eDssxctdqZB29wQl0k7wqUFYKIjH7Zul66KMAtNfb16TEO5WE8LLyTFkeKWww HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 25 Dec 2022 07:52:09 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 08:07:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 25 Dec 2022 07:52:09 GMT
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2702
Expires: Sun, 25 Dec 2022 08:37:11 GMT
Date: Sun, 25 Dec 2022 07:52:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2702
Expires: Sun, 25 Dec 2022 08:37:11 GMT
Date: Sun, 25 Dec 2022 07:52:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2702
Expires: Sun, 25 Dec 2022 08:37:11 GMT
Date: Sun, 25 Dec 2022 07:52:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2702
Expires: Sun, 25 Dec 2022 08:37:11 GMT
Date: Sun, 25 Dec 2022 07:52:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d780f4b4a5928afafeea1348a117ab7
f0623d0355e6b57a5b9bed048b93e1b6b102dfe9
ad6dd8216b30147c99abfff2d1672d731ff940b2fb1da015d3fd5b0b96d11d0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10502
x-amzn-requestid: 93c0b9d3-6c3a-4ee0-b534-04bac0605c9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlF8zECooAMFs5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a51d1e-33fe89cb2bc2652425f43eec;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 03:14:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HnMBSKP2dFjT7X90aHvAnnSKwWuoy-PaGE-gHW-6fnda4M2XEeqeqQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 03:42:15 GMT
age: 14994
etag: "f0623d0355e6b57a5b9bed048b93e1b6b102dfe9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52c03f0a-a30c-400b-be52-c45ddd21f3f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52c03f0a-a30c-400b-be52-c45ddd21f3f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e89b02f98520ca6888ef5be50bc38880
94446097c59ae77bc9e417928d54aaa38a13c337
2f2f303eae60e4ea8ee889424431125fa32728726b70e27536cf903a99af1c6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52c03f0a-a30c-400b-be52-c45ddd21f3f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10398
x-amzn-requestid: a6543702-6966-4b61-9f6b-c7f6fd2e498a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dobFjGwOoAMFR3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a67223-751bae6516ad4a6d0164b505;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 03:29:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dCvz-xI53uQCPt1LUwMuTUUlgbbl4xqV-bhW9HO0F-EHU_3Vqw7XYw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 08:58:14 GMT
age: 82435
etag: "94446097c59ae77bc9e417928d54aaa38a13c337"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68a4a72-0f6f-40de-974f-d8504b0ed296.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68a4a72-0f6f-40de-974f-d8504b0ed296.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8f6d4f6aa8d4339ca2b8a220538d35de
984dbacd8b8d8d9669070af40311006061973a1a
d9c5d254954853622f6d2521025b7b4c3e5b528097326516d0898296bf7252cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68a4a72-0f6f-40de-974f-d8504b0ed296.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15187
x-amzn-requestid: d3fbd6b5-6c77-4a56-8d52-203a2488081f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dOj5PHB8oAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639c19d4-490523b925a02db554dfd3e0;Sampled=0
x-amzn-remapped-date: Fri, 16 Dec 2022 07:10:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KWrOi64YflkV7PB23y6yRn8vnLDh0l_GEG45y2ay8b4Odk1yUtKICQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 17:01:20 GMT
age: 53449
etag: "984dbacd8b8d8d9669070af40311006061973a1a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b280d2f-1dea-4f40-b61e-10dae68ce7c4.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b280d2f-1dea-4f40-b61e-10dae68ce7c4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 694cc4498e41a57fe81f10efd85de57d
df0605e509e4c6c44f278eb44dd1f31bdb525215
e487c025794a0860fc6226e270da1008b2cf363326871547ad263755b7cbd395
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b280d2f-1dea-4f40-b61e-10dae68ce7c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4264
x-amzn-requestid: 5a2c8b3b-4240-4048-bd16-1cc418debf59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: diWbyEU-IAMF2Bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a4044b-1af38fcb4ead058d7a9c3d0b;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 07:16:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1JsMgKDlQhKldLB5SMtfw5GibCd_H4f5OQ3BZQf0v2qvVIHlMbNczg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 10:03:10 GMT
age: 78539
etag: "df0605e509e4c6c44f278eb44dd1f31bdb525215"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c6d13f6c1d756476b4d249a5adf8a7c6
cfefff041364cdfe8ebc88d42204f42a782758ec
6046387c2117ee84c8b4323efcdb5efd8356b7f56493ec729d3dc6e105214cd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15283
x-amzn-requestid: 06d729e0-735e-4b7f-8315-31288bae004c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlnB-HZQIAMFRhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a5520c-73879f297d98c86e3e41984c;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 07:00:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QWZcUCtzfW8l3tSLeTU2FoYT30U24ehbs0VD2rcyUbZW5NO2wo3K0Q==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 07:00:54 GMT
age: 3075
etag: "cfefff041364cdfe8ebc88d42204f42a782758ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98850704-5690-44ef-82a6-a47115c815b5.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98850704-5690-44ef-82a6-a47115c815b5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aabf647f1b24d12d0bb809b1f84d433e
977626b728fa873144fef657bbe35345e82dac03
1695305ac78989c748b3a4edc5e5f1ac6f09bbea197b79a0d56aa4fc88734a46
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98850704-5690-44ef-82a6-a47115c815b5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13469
x-amzn-requestid: b0d46c6a-beb1-4b33-929d-5cb524819f4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbpyhFlsoAMFT7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15676-3a82b1a8304f4fd926987f31;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 06:30:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cB3VUPzOfV8QQoWBdXTXq4FcqBlLhsyV41NCZXmCitwT4ddV9TgZxg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 19:50:42 GMT
age: 43287
etag: "977626b728fa873144fef657bbe35345e82dac03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 915903fa6db6c0224648e3273daf13c8
98bad0e53f8f362341207cf5b1c37ab6c0dbb7d7
cc46e6cbdc91bba473f6337162f3e1d0231e556ca42fdd2fe44947aa1eeac413
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/simgad/17174120290488231464
142.250.74.70200 OK 12 kB URL HTTP/2 s0.2mdn.net/simgad/17174120290488231464
IP 142.250.74.70:0
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 5ed7ebd5403d3854e626928628e1df64
e63a213416a4fe89c32eb1ffa913578de4522f59
4f4c240b32a8a51289b65c98dc81313fa028ca684c1755fea2091288f6d54e79
GET /simgad/17174120290488231464 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 12533
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Thu, 22 Dec 2022 15:53:38 GMT
expires: Fri, 22 Dec 2023 15:53:38 GMT
cache-control: public, max-age=31536000
age: 230312
last-modified: Thu, 06 Oct 2022 20:01:03 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDYDDNwQ3OlNNOT1BTYoPlZ4VwGAvqeS1FV9ZSSk2xAAAJM8x4DeqVDGvddQnxrj_bbBJxH61m9GiPmCECnUDQyjdk2Fs6DhuAtRNlL7eCgj2Dgd4V_LoY976GnOgX4RKcywsGTb36PBowxMuOX_6Ehz1AoRAMbYwSeOm2lb2ZfzCnKrIm3stzI-yNYq9P_ZDzj2DVpPBt6AGi84bJoZ4hf-Lh4CljJ39iSLKZRQUUSklUKMSq5Q99YbEH6QnoWWD9si4t39gM14ICdga1a2G1UjNRB5-nh5IfyrtsQun9BuTuHcERgigJ2Fx7HHEqJu9Ef8nPxq-E7s3BC9c-fGU6GJ84_33ugi970MACskMZmgCRvsKNQtgjv39lzVGzNjlv-EdRsEWjqgT5sdscKqt58YAeEDkCFd7fizEgtVx3eV98sYFvjLwisLlaNZWUc2nE3UOHT35SjNX3JZsEF4iRgXKqzT11FRsx4ANNwHMp_8oETKl_RxJ4Y31t3sNwTC5X2fdZ3qOq6XWZXGPWP2pmk6jqPbQ3oFXFeGk4jazSCdPc5oNmKCV8hGpnOZQhi0F_qh0ZTAHn7m8CgeOQH_Tg8PTKMxtSTxHP1Xtqg2EOum8JyrhyO5dwkgoBNnoct5ZAaVWrI8CYlIa6Wv3V5SlG0rXRbs26QwTCt-dZ6HJnbmj0S-e0iYRaqFrXpWUpJI3pdY750UEoT_asTVZHsD4Jt729c9_1e6x2u4PM6QL4fbNxBEFVlUVHLgKYf0gDSUZ1qh_hr8ui6qnICSiPZZUnzHfuGfuzZCc5mVi48_BSGojnSJqCyyc9CT_wV8Ock8577CMh67hbjLkUfHfW1m4O71uwiHzP6DfXmFJu5w-X2RMjK2APzWC0JrbcA3WayrEnrasMlU8aVTIovNso8WHp-jMvDentc8gtbqJHSGEwrwMlfneuhnliVmHfLjGzahxPmJbwpyNbPvd5V6AN82YrA0Z11coq7mH8cRdm93V36qLv28OhQCveuKAEM3224TgWtSlm1CSoW7Zj7n56tE7C6E4RQBSAbmbY8hvatR4pmbiIfadJyokat5B-RRqd8I63O2XMI0DsNNT3ukFBKBt5WMEf0wOkE7VgcD6b9UrykRHbU3GQkbnjjAf-pAJ71aCfrqZbTDwKsmAk_QvKJxtbnQsQw-H1oEeqAeqIgEJzHhWUbMO26t4eZyW1&sai=AMfl-YQEQ45zjjTlOFEQgLss5jUeU8gspTi76Jjb4VgnGQWpcDiHpUI1dj8uB4WI2Lxp5r32AlJ5xvisj8TzZfF8N8M-kQMgNF2RtAlB4BSA3KHIu77b3Cft4GKZrq8bw3lrscs54YXypxQuRcxPh8mnQiNJfOuTAkAXccir3EAab_exoUQhTCDzr7mvmY6PcQOvOt9ucnSJOXso_OwOWDs_EIHVUVfK3URea59Po1o7Qzg5U93kLl5sd7PlrPM8ylhjXi6n52SIrfQyh4mREYoMVuxeRK_Iy5JmXFooHC26ROiFqB3I1Bw&sig=Cg0ArKJSzMMy3FtL3DLKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.13922&arae=0&ftch=1&adurl=
172.217.21.162200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDYDDNwQ3OlNNOT1BTYoPlZ4VwGAvqeS1FV9ZSSk2xAAAJM8x4DeqVDGvddQnxrj_bbBJxH61m9GiPmCECnUDQyjdk2Fs6DhuAtRNlL7eCgj2Dgd4V_LoY976GnOgX4RKcywsGTb36PBowxMuOX_6Ehz1AoRAMbYwSeOm2lb2ZfzCnKrIm3stzI-yNYq9P_ZDzj2DVpPBt6AGi84bJoZ4hf-Lh4CljJ39iSLKZRQUUSklUKMSq5Q99YbEH6QnoWWD9si4t39gM14ICdga1a2G1UjNRB5-nh5IfyrtsQun9BuTuHcERgigJ2Fx7HHEqJu9Ef8nPxq-E7s3BC9c-fGU6GJ84_33ugi970MACskMZmgCRvsKNQtgjv39lzVGzNjlv-EdRsEWjqgT5sdscKqt58YAeEDkCFd7fizEgtVx3eV98sYFvjLwisLlaNZWUc2nE3UOHT35SjNX3JZsEF4iRgXKqzT11FRsx4ANNwHMp_8oETKl_RxJ4Y31t3sNwTC5X2fdZ3qOq6XWZXGPWP2pmk6jqPbQ3oFXFeGk4jazSCdPc5oNmKCV8hGpnOZQhi0F_qh0ZTAHn7m8CgeOQH_Tg8PTKMxtSTxHP1Xtqg2EOum8JyrhyO5dwkgoBNnoct5ZAaVWrI8CYlIa6Wv3V5SlG0rXRbs26QwTCt-dZ6HJnbmj0S-e0iYRaqFrXpWUpJI3pdY750UEoT_asTVZHsD4Jt729c9_1e6x2u4PM6QL4fbNxBEFVlUVHLgKYf0gDSUZ1qh_hr8ui6qnICSiPZZUnzHfuGfuzZCc5mVi48_BSGojnSJqCyyc9CT_wV8Ock8577CMh67hbjLkUfHfW1m4O71uwiHzP6DfXmFJu5w-X2RMjK2APzWC0JrbcA3WayrEnrasMlU8aVTIovNso8WHp-jMvDentc8gtbqJHSGEwrwMlfneuhnliVmHfLjGzahxPmJbwpyNbPvd5V6AN82YrA0Z11coq7mH8cRdm93V36qLv28OhQCveuKAEM3224TgWtSlm1CSoW7Zj7n56tE7C6E4RQBSAbmbY8hvatR4pmbiIfadJyokat5B-RRqd8I63O2XMI0DsNNT3ukFBKBt5WMEf0wOkE7VgcD6b9UrykRHbU3GQkbnjjAf-pAJ71aCfrqZbTDwKsmAk_QvKJxtbnQsQw-H1oEeqAeqIgEJzHhWUbMO26t4eZyW1&sai=AMfl-YQEQ45zjjTlOFEQgLss5jUeU8gspTi76Jjb4VgnGQWpcDiHpUI1dj8uB4WI2Lxp5r32AlJ5xvisj8TzZfF8N8M-kQMgNF2RtAlB4BSA3KHIu77b3Cft4GKZrq8bw3lrscs54YXypxQuRcxPh8mnQiNJfOuTAkAXccir3EAab_exoUQhTCDzr7mvmY6PcQOvOt9ucnSJOXso_OwOWDs_EIHVUVfK3URea59Po1o7Qzg5U93kLl5sd7PlrPM8ylhjXi6n52SIrfQyh4mREYoMVuxeRK_Iy5JmXFooHC26ROiFqB3I1Bw&sig=Cg0ArKJSzMMy3FtL3DLKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.13922&arae=0&ftch=1&adurl=
IP 172.217.21.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsuDYDDNwQ3OlNNOT1BTYoPlZ4VwGAvqeS1FV9ZSSk2xAAAJM8x4DeqVDGvddQnxrj_bbBJxH61m9GiPmCECnUDQyjdk2Fs6DhuAtRNlL7eCgj2Dgd4V_LoY976GnOgX4RKcywsGTb36PBowxMuOX_6Ehz1AoRAMbYwSeOm2lb2ZfzCnKrIm3stzI-yNYq9P_ZDzj2DVpPBt6AGi84bJoZ4hf-Lh4CljJ39iSLKZRQUUSklUKMSq5Q99YbEH6QnoWWD9si4t39gM14ICdga1a2G1UjNRB5-nh5IfyrtsQun9BuTuHcERgigJ2Fx7HHEqJu9Ef8nPxq-E7s3BC9c-fGU6GJ84_33ugi970MACskMZmgCRvsKNQtgjv39lzVGzNjlv-EdRsEWjqgT5sdscKqt58YAeEDkCFd7fizEgtVx3eV98sYFvjLwisLlaNZWUc2nE3UOHT35SjNX3JZsEF4iRgXKqzT11FRsx4ANNwHMp_8oETKl_RxJ4Y31t3sNwTC5X2fdZ3qOq6XWZXGPWP2pmk6jqPbQ3oFXFeGk4jazSCdPc5oNmKCV8hGpnOZQhi0F_qh0ZTAHn7m8CgeOQH_Tg8PTKMxtSTxHP1Xtqg2EOum8JyrhyO5dwkgoBNnoct5ZAaVWrI8CYlIa6Wv3V5SlG0rXRbs26QwTCt-dZ6HJnbmj0S-e0iYRaqFrXpWUpJI3pdY750UEoT_asTVZHsD4Jt729c9_1e6x2u4PM6QL4fbNxBEFVlUVHLgKYf0gDSUZ1qh_hr8ui6qnICSiPZZUnzHfuGfuzZCc5mVi48_BSGojnSJqCyyc9CT_wV8Ock8577CMh67hbjLkUfHfW1m4O71uwiHzP6DfXmFJu5w-X2RMjK2APzWC0JrbcA3WayrEnrasMlU8aVTIovNso8WHp-jMvDentc8gtbqJHSGEwrwMlfneuhnliVmHfLjGzahxPmJbwpyNbPvd5V6AN82YrA0Z11coq7mH8cRdm93V36qLv28OhQCveuKAEM3224TgWtSlm1CSoW7Zj7n56tE7C6E4RQBSAbmbY8hvatR4pmbiIfadJyokat5B-RRqd8I63O2XMI0DsNNT3ukFBKBt5WMEf0wOkE7VgcD6b9UrykRHbU3GQkbnjjAf-pAJ71aCfrqZbTDwKsmAk_QvKJxtbnQsQw-H1oEeqAeqIgEJzHhWUbMO26t4eZyW1&sai=AMfl-YQEQ45zjjTlOFEQgLss5jUeU8gspTi76Jjb4VgnGQWpcDiHpUI1dj8uB4WI2Lxp5r32AlJ5xvisj8TzZfF8N8M-kQMgNF2RtAlB4BSA3KHIu77b3Cft4GKZrq8bw3lrscs54YXypxQuRcxPh8mnQiNJfOuTAkAXccir3EAab_exoUQhTCDzr7mvmY6PcQOvOt9ucnSJOXso_OwOWDs_EIHVUVfK3URea59Po1o7Qzg5U93kLl5sd7PlrPM8ylhjXi6n52SIrfQyh4mREYoMVuxeRK_Iy5JmXFooHC26ROiFqB3I1Bw&sig=Cg0ArKJSzMMy3FtL3DLKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.13922&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sun, 25 Dec 2022 07:52:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 08:07:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 25 Dec 2022 07:52:10 GMT
X-Firefox-Spdy: h2
t.6sc.co/img.gif?event=imp&mcid=84454&cb=2634226507&pid=179892654&cid=28401156
23.14.5.116200 OK 43 B URL HTTP/1.1 t.6sc.co/img.gif?event=imp&mcid=84454&cb=2634226507&pid=179892654&cid=28401156
IP 23.14.5.116:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /img.gif?event=imp&mcid=84454&cb=2634226507&pid=179892654&cid=28401156 HTTP/1.1
Host: t.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com/
Cookie: 6suuid=1c9854683927000039f2a7631e0300005db13b00
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-Type: image/gif
ETag: "5e502814-2b"
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Fri, 21 Feb 2020 18:57:24 GMT
Pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
X-Content-Type-Options: nosniff
Content-Length: 43
Date: Sun, 25 Dec 2022 07:52:10 GMT
Connection: keep-alive
Set-Cookie: 6suuid=1c9854683927000039f2a7631e0300005db13b00; expires=Tue, 24-Dec-2024 07:52:10 GMT; path=/; domain=.6sc.co; SameSite=None; secure
Access-Control-Allow-Origin:
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 915903fa6db6c0224648e3273daf13c8
98bad0e53f8f362341207cf5b1c37ab6c0dbb7d7
cc46e6cbdc91bba473f6337162f3e1d0231e556ca42fdd2fe44947aa1eeac413
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 07:52:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDYDDNwQ3OlNNOT1BTYoPlZ4VwGAvqeS1FV9ZSSk2xAAAJM8x4DeqVDGvddQnxrj_bbBJxH61m9GiPmCECnUDQyjdk2Fs6DhuAtRNlL7eCgj2Dgd4V_LoY976GnOgX4RKcywsGTb36PBowxMuOX_6Ehz1AoRAMbYwSeOm2lb2ZfzCnKrIm3stzI-yNYq9P_ZDzj2DVpPBt6AGi84bJoZ4hf-Lh4CljJ39iSLKZRQUUSklUKMSq5Q99YbEH6QnoWWD9si4t39gM14ICdga1a2G1UjNRB5-nh5IfyrtsQun9BuTuHcERgigJ2Fx7HHEqJu9Ef8nPxq-E7s3BC9c-fGU6GJ84_33ugi970MACskMZmgCRvsKNQtgjv39lzVGzNjlv-EdRsEWjqgT5sdscKqt58YAeEDkCFd7fizEgtVx3eV98sYFvjLwisLlaNZWUc2nE3UOHT35SjNX3JZsEF4iRgXKqzT11FRsx4ANNwHMp_8oETKl_RxJ4Y31t3sNwTC5X2fdZ3qOq6XWZXGPWP2pmk6jqPbQ3oFXFeGk4jazSCdPc5oNmKCV8hGpnOZQhi0F_qh0ZTAHn7m8CgeOQH_Tg8PTKMxtSTxHP1Xtqg2EOum8JyrhyO5dwkgoBNnoct5ZAaVWrI8CYlIa6Wv3V5SlG0rXRbs26QwTCt-dZ6HJnbmj0S-e0iYRaqFrXpWUpJI3pdY750UEoT_asTVZHsD4Jt729c9_1e6x2u4PM6QL4fbNxBEFVlUVHLgKYf0gDSUZ1qh_hr8ui6qnICSiPZZUnzHfuGfuzZCc5mVi48_BSGojnSJqCyyc9CT_wV8Ock8577CMh67hbjLkUfHfW1m4O71uwiHzP6DfXmFJu5w-X2RMjK2APzWC0JrbcA3WayrEnrasMlU8aVTIovNso8WHp-jMvDentc8gtbqJHSGEwrwMlfneuhnliVmHfLjGzahxPmJbwpyNbPvd5V6AN82YrA0Z11coq7mH8cRdm93V36qLv28OhQCveuKAEM3224TgWtSlm1CSoW7Zj7n56tE7C6E4RQBSAbmbY8hvatR4pmbiIfadJyokat5B-RRqd8I63O2XMI0DsNNT3ukFBKBt5WMEf0wOkE7VgcD6b9UrykRHbU3GQkbnjjAf-pAJ71aCfrqZbTDwKsmAk_QvKJxtbnQsQw-H1oEeqAeqIgEJzHhWUbMO26t4eZyW1&sai=AMfl-YQEQ45zjjTlOFEQgLss5jUeU8gspTi76Jjb4VgnGQWpcDiHpUI1dj8uB4WI2Lxp5r32AlJ5xvisj8TzZfF8N8M-kQMgNF2RtAlB4BSA3KHIu77b3Cft4GKZrq8bw3lrscs54YXypxQuRcxPh8mnQiNJfOuTAkAXccir3EAab_exoUQhTCDzr7mvmY6PcQOvOt9ucnSJOXso_OwOWDs_EIHVUVfK3URea59Po1o7Qzg5U93kLl5sd7PlrPM8ylhjXi6n52SIrfQyh4mREYoMVuxeRK_Iy5JmXFooHC26ROiFqB3I1Bw&sig=Cg0ArKJSzMMy3FtL3DLKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=312&vt=11&dtpt=311&dett=2&cstd=0&cisv=r20221207.13922&arae=0&ftch=1&adurl=
172.217.21.162200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDYDDNwQ3OlNNOT1BTYoPlZ4VwGAvqeS1FV9ZSSk2xAAAJM8x4DeqVDGvddQnxrj_bbBJxH61m9GiPmCECnUDQyjdk2Fs6DhuAtRNlL7eCgj2Dgd4V_LoY976GnOgX4RKcywsGTb36PBowxMuOX_6Ehz1AoRAMbYwSeOm2lb2ZfzCnKrIm3stzI-yNYq9P_ZDzj2DVpPBt6AGi84bJoZ4hf-Lh4CljJ39iSLKZRQUUSklUKMSq5Q99YbEH6QnoWWD9si4t39gM14ICdga1a2G1UjNRB5-nh5IfyrtsQun9BuTuHcERgigJ2Fx7HHEqJu9Ef8nPxq-E7s3BC9c-fGU6GJ84_33ugi970MACskMZmgCRvsKNQtgjv39lzVGzNjlv-EdRsEWjqgT5sdscKqt58YAeEDkCFd7fizEgtVx3eV98sYFvjLwisLlaNZWUc2nE3UOHT35SjNX3JZsEF4iRgXKqzT11FRsx4ANNwHMp_8oETKl_RxJ4Y31t3sNwTC5X2fdZ3qOq6XWZXGPWP2pmk6jqPbQ3oFXFeGk4jazSCdPc5oNmKCV8hGpnOZQhi0F_qh0ZTAHn7m8CgeOQH_Tg8PTKMxtSTxHP1Xtqg2EOum8JyrhyO5dwkgoBNnoct5ZAaVWrI8CYlIa6Wv3V5SlG0rXRbs26QwTCt-dZ6HJnbmj0S-e0iYRaqFrXpWUpJI3pdY750UEoT_asTVZHsD4Jt729c9_1e6x2u4PM6QL4fbNxBEFVlUVHLgKYf0gDSUZ1qh_hr8ui6qnICSiPZZUnzHfuGfuzZCc5mVi48_BSGojnSJqCyyc9CT_wV8Ock8577CMh67hbjLkUfHfW1m4O71uwiHzP6DfXmFJu5w-X2RMjK2APzWC0JrbcA3WayrEnrasMlU8aVTIovNso8WHp-jMvDentc8gtbqJHSGEwrwMlfneuhnliVmHfLjGzahxPmJbwpyNbPvd5V6AN82YrA0Z11coq7mH8cRdm93V36qLv28OhQCveuKAEM3224TgWtSlm1CSoW7Zj7n56tE7C6E4RQBSAbmbY8hvatR4pmbiIfadJyokat5B-RRqd8I63O2XMI0DsNNT3ukFBKBt5WMEf0wOkE7VgcD6b9UrykRHbU3GQkbnjjAf-pAJ71aCfrqZbTDwKsmAk_QvKJxtbnQsQw-H1oEeqAeqIgEJzHhWUbMO26t4eZyW1&sai=AMfl-YQEQ45zjjTlOFEQgLss5jUeU8gspTi76Jjb4VgnGQWpcDiHpUI1dj8uB4WI2Lxp5r32AlJ5xvisj8TzZfF8N8M-kQMgNF2RtAlB4BSA3KHIu77b3Cft4GKZrq8bw3lrscs54YXypxQuRcxPh8mnQiNJfOuTAkAXccir3EAab_exoUQhTCDzr7mvmY6PcQOvOt9ucnSJOXso_OwOWDs_EIHVUVfK3URea59Po1o7Qzg5U93kLl5sd7PlrPM8ylhjXi6n52SIrfQyh4mREYoMVuxeRK_Iy5JmXFooHC26ROiFqB3I1Bw&sig=Cg0ArKJSzMMy3FtL3DLKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=312&vt=11&dtpt=311&dett=2&cstd=0&cisv=r20221207.13922&arae=0&ftch=1&adurl=
IP 172.217.21.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsuDYDDNwQ3OlNNOT1BTYoPlZ4VwGAvqeS1FV9ZSSk2xAAAJM8x4DeqVDGvddQnxrj_bbBJxH61m9GiPmCECnUDQyjdk2Fs6DhuAtRNlL7eCgj2Dgd4V_LoY976GnOgX4RKcywsGTb36PBowxMuOX_6Ehz1AoRAMbYwSeOm2lb2ZfzCnKrIm3stzI-yNYq9P_ZDzj2DVpPBt6AGi84bJoZ4hf-Lh4CljJ39iSLKZRQUUSklUKMSq5Q99YbEH6QnoWWD9si4t39gM14ICdga1a2G1UjNRB5-nh5IfyrtsQun9BuTuHcERgigJ2Fx7HHEqJu9Ef8nPxq-E7s3BC9c-fGU6GJ84_33ugi970MACskMZmgCRvsKNQtgjv39lzVGzNjlv-EdRsEWjqgT5sdscKqt58YAeEDkCFd7fizEgtVx3eV98sYFvjLwisLlaNZWUc2nE3UOHT35SjNX3JZsEF4iRgXKqzT11FRsx4ANNwHMp_8oETKl_RxJ4Y31t3sNwTC5X2fdZ3qOq6XWZXGPWP2pmk6jqPbQ3oFXFeGk4jazSCdPc5oNmKCV8hGpnOZQhi0F_qh0ZTAHn7m8CgeOQH_Tg8PTKMxtSTxHP1Xtqg2EOum8JyrhyO5dwkgoBNnoct5ZAaVWrI8CYlIa6Wv3V5SlG0rXRbs26QwTCt-dZ6HJnbmj0S-e0iYRaqFrXpWUpJI3pdY750UEoT_asTVZHsD4Jt729c9_1e6x2u4PM6QL4fbNxBEFVlUVHLgKYf0gDSUZ1qh_hr8ui6qnICSiPZZUnzHfuGfuzZCc5mVi48_BSGojnSJqCyyc9CT_wV8Ock8577CMh67hbjLkUfHfW1m4O71uwiHzP6DfXmFJu5w-X2RMjK2APzWC0JrbcA3WayrEnrasMlU8aVTIovNso8WHp-jMvDentc8gtbqJHSGEwrwMlfneuhnliVmHfLjGzahxPmJbwpyNbPvd5V6AN82YrA0Z11coq7mH8cRdm93V36qLv28OhQCveuKAEM3224TgWtSlm1CSoW7Zj7n56tE7C6E4RQBSAbmbY8hvatR4pmbiIfadJyokat5B-RRqd8I63O2XMI0DsNNT3ukFBKBt5WMEf0wOkE7VgcD6b9UrykRHbU3GQkbnjjAf-pAJ71aCfrqZbTDwKsmAk_QvKJxtbnQsQw-H1oEeqAeqIgEJzHhWUbMO26t4eZyW1&sai=AMfl-YQEQ45zjjTlOFEQgLss5jUeU8gspTi76Jjb4VgnGQWpcDiHpUI1dj8uB4WI2Lxp5r32AlJ5xvisj8TzZfF8N8M-kQMgNF2RtAlB4BSA3KHIu77b3Cft4GKZrq8bw3lrscs54YXypxQuRcxPh8mnQiNJfOuTAkAXccir3EAab_exoUQhTCDzr7mvmY6PcQOvOt9ucnSJOXso_OwOWDs_EIHVUVfK3URea59Po1o7Qzg5U93kLl5sd7PlrPM8ylhjXi6n52SIrfQyh4mREYoMVuxeRK_Iy5JmXFooHC26ROiFqB3I1Bw&sig=Cg0ArKJSzMMy3FtL3DLKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=312&vt=11&dtpt=311&dett=2&cstd=0&cisv=r20221207.13922&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://786ddf8206870f4210d90fe2fa8c81b0.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sun, 25 Dec 2022 07:52:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 08:07:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 25 Dec 2022 07:52:10 GMT
X-Firefox-Spdy: h2
live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvMFlSYXFySA==
104.16.133.22200 OK 0 B URL HTTP/2 live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvMFlSYXFySA==
IP 104.16.133.22:0
GET /p4/v16-2-0/ZXhlby5hcHAvMFlSYXFySA== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=bd5cee6c-e676-499b-bb0b-de17b61f7ecc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 77effedb5b36b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 44hiOGzr+XB30PypHnHh3P0ng6ulF42LF9Fz8pSYl5dbjOZhGaVfJCFOa8hv0zNgvRBzt9iDcKoOI8CduB/5MA==
date: Sun, 25 Dec 2022 07:52:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Dec 2022 07:52:07 GMT
date: Sun, 25 Dec 2022 07:52:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
172.67.149.153200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 172.67.149.153:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4756
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gwP8IrdP94TEh%2BJQkqYflNXBSGtoGfukYzuFssWQN0WMBIfsnVzpxMdx2k2XedmhCGyB0NgDleo%2Ff4e1qDbKOtgTccBAUHoREVHANpxBbEeCHYCaK%2B8%2B6ViVFEzqO%2FVgEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77effeda58610b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671940800
104.26.8.233200 OK 0 B URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671940800
IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671940800 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.2029702912.1671950902; _gid=GA1.2.1608658714.1671950902; __gads=ID=a5161ffaf28e6044:T=1671950904:S=ALNI_MYdVM0gJmKQ6Co20xgNcRiT0KshkA; __gpi=UID=00000b98151c0015:T=1671950904:RT=1671950904:S=ALNI_MaY7bcCD3CJPxqvWgAp2ol3BoAyKA; AppSession=1b2faff0811f115274737d3b6b8feb62; csrfToken=836479c1231bedd7ddc70fccbca9bc16c883202ac24846fc10f53791b419ee4ff9837bc530f5289bdba1e95a3d58c1e84c308eb47ca164a1dd1c0de67ecb93c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
x-control-type-options: nosniff
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bBwT3JNaU7c4C7ltSbygKeVcIW%2BHd%2F00cQ9bmtfX3ZEuNwNZok1F%2B6kr0K1GRt9Bh0fr5FYhQdWW9lVnKiclC0iu2dR8YuIYzcfX4U%2FqpBBZjWwfxFvk8qVW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effedb081b1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.demand.supply/up.js
104.16.133.22200 OK 0 B IP 104.16.133.22:0
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=bd5cee6c-e676-499b-bb0b-de17b61f7ecc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 77effeda4a75b512-OSL
age: 824
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"30cd4982b290dd406327b3dd39f1ea22-ssl-df"
link: <https://live.demand.supply/impl.v16.3.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=4391
timing-allow-origin: *
x-nf-request-id: 01GMX2WC7DDRK600SK19DPWQGC
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Cookie: csu=1186536940400404@1@1671950903
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: text/plain
set-cookie: csu=1186536940400404@2@1671950903; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GxTa3KY4b0AB5q87TPlHmJUA2GYZ1oUGRzzvhG%2FzTT51yh3iJ6seZmVheNghjoW8YgDvueIvh9aLOuDIEDQpOKTqeqkINLNaNsvFheYi2t%2BB8VVm0KWUTg8uQgrRLDyQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effedb2b8f76c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Cookie: csu=1186536940400404@1@1671950903
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 07:52:08 GMT
content-type: text/plain
set-cookie: csu=1186536940400404@2@1671950903; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2YBk1r8QbeG3BjEIHl5Bm3qR6iot1O8Bvct1Jf%2BH9HQeFyvDLp8FZs0MnPnMnbDnmeP%2F8UYIbn2GexTdHln5tK%2FfKJsJNM0OER24tLJ0vQEldHyKlkH806Jn2YuvL%2Bd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effedbec3e76c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exe.io/0YRaqrH
172.67.71.40302 Found 0 B IP 172.67.71.40:0
GET /0YRaqrH HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 25 Dec 2022 07:52:07 GMT
content-type: text/html; charset=UTF-8
location: https://exeo.app/0YRaqrH
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=5c253bf1411a9f039b4f9d787aa7515c; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdHJdwSy65kiycUg%2BUkyq6fOz7WdEA66GpaYlV1U4Px60UFIE9vGebpuJ%2F0unujI7tznqE7AMyp4NQCkDc7j8rChiI%2BlP5oI6osM%2F4jm30wYZvy3ZrCfHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77effed5fcaafac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2